Rewterz

CVE-2025-46603 – Dell CloudBoost Virtual Appliance Vulnerability

December 8, 2025
Rewterz

Multiple Apple Products Vulnerabilities

December 8, 2025

Multiple Apache HTTP Server Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-58098 CVSS:8.3

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.

CVE-2025-65082 CVSS:6.5

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.

CVE-2025-59775 CVSS:7.5

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content.

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-58098

  • CVE-2025-65082

  • CVE-2025-59775

Affected Vendors

Apache

Affected Products

  • Apache HTTP Server 2.4.0 - 2.4.65

Remediation

Refer to Apache Security Advisory for patch, upgrade, or suggested workaround information.

Apache Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.